Microsoft has been responding to the hack since December 13th, including blocking versions of SolarWinds Orion that contained the malware. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others. We have not found evidence of access to production services or customer data. Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) issued a joint statement on Wednesday to say that they were coordinating a “whole-of-government response to this significant cyber incident.” And Smith warned that “we should all be prepared for stories about additional victims in the public sector and other enterprises and organizations.”Įarlier on Thursday, Reuters reported that Microsoft had been hacked as part of the breach and that “it also had its own products leveraged to further the attacks on others.” But Microsoft denied that claim in a statement to The Verge: Investigations into the hack are ongoing. “It’s certain that the number and location of victims will keep growing,” Smith said. Approximately 80 percent of those customers are located in the US, but Microsoft also identified victims in Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE. Microsoft has also been working this week to notify “more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures,” according to Smith. A map showing customers affected by the malware in SolarWinds’ Orion.
Solarwinds world map software#
To illustrate just how far-reaching the hack was, Smith included a map that used telemetry taken from Microsoft’s Defender Anti-Virus software to show people who had installed versions of the Orion software that contained malware from the hackers. “The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks,” according to Smith. He believes that it “is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.” Though the post stops short of explicitly accusing Russia, the implication is very clear.
It “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Smith argues. Smith characterized the hack as “a moment of reckoning” and laid out in no uncertain terms just how large and how dangerous Microsoft believes the hack to be.
Microsoft president Brad Smith warned that the wide-ranging hack of the SolarWinds’ Orion IT software is “ongoing,” and that investigations reveal “an attack that is remarkable for its scope, sophistication and impact.” The breach targeted several US government agencies and is believed to have been carried out by Russian nation-state hackers.
0 kommentar(er)
